<body text="#000000" link="#0000ff" bgcolor="#ffffff"><center><table width="80%">
<tr><td><h1>ssss</h1>
<h2>Split and Combine Secrets using Shamir's Secret Sharing Scheme.</h2>


<h2>Synopsis</h2>
<b>
      ssss-split -t <em>threshold</em> -n <em>shares</em> [-w <em>token</em>] 
         [-s <em>level</em>] [-x] [-q] [-Q] [-D] [-v]<br>

      ssss-combine -t <em>threshold</em> [-x] [-q] [-Q] [-D] [-v]<br>

</b>


<h2>Description</h2>

<p>ssss is an implementation of Shamir's Secret Sharing Scheme. The
program suite does both: the generation of shares for a known secret,
and the reconstruction of a secret using user-provided shares.</p>



<h2>Commands</h2>

      <p><b>ssss-split</b>: prompt the user for a secret and generate a set of
      corresponding shares.</p>
      
      <p><b>ssss-combine</b>: read in a set of shares and reconstruct
      the secret.</p>



<h2>Options</h2>


      
<p><b>-t <em>threshold</em></b></p> 
<p>Specify the number of
      shares necessary to reconstruct the secret.</p>
    


      
<p><b>-n <em>shares</em></b></p>

      <p>Specify the number of shares to be generated.</p>

      
      
      <p><b>-w <em>token</em></b></p>

      <p>Text token to name shares in order to avoid confusion in case one
      utilizes secret sharing to protect several independent secrets. The
      generated shares are prefixed by these tokens.</p>

      
      
      <p><b>-s <em>level</em></b></p>

      <p>Enforce the scheme's security level (in bits). This option
      implies an upper bound for the length of the shared secret
      (shorter secrets are padded). Only multiples of 8 in the range
      from 8 to 1024 are allowed. If this option is ommitted (or the
      value given is 0) the security level is chosen automatically
      depending on the secret's length.  The security level directly
      determines the length of the shares.</p>

      

      <p><b>-x</b></p>

      <p>Hex mode: use hexadecimal digits in place of ASCII characters for
      I/O. This is useful if one wants to protect binary data, like
      block cipher keys.</p>

      

      <p><b>-q</b></p>

      <p>Quiet mode: disable all unnecessary output. Useful in scripts.
      </p>

      
      <p><b>-Q</b></p>

      <p>Extra quiet mode: like <b>-q</b>, but also suppress
warnings.</p>

      

      <p><b>-D</b></p>

      <p>Disable the diffusion layer added in version 0.2. This option
      is needed when shares are combined that where generated with
      ssss version 0.1.</p>

      

      <p><b>-v</b></p>

      <p>Print version information.</p>

      


<h2>Example</h2>

<p>
        In case you want to protect your login password with a set of ten
        shares in such a way that any three of them can reconstruct the
        password, you simply run the command
</p>

<p>
          ssss-split -t 3 -n 10 -w passwd
</p>

<p>
        To reconstruct the password pass three of the generated shares
        (in any order) to
</p>

<p>
          ssss-combine -t 3
</p>



<h2>Notes</h2>

<p>
To protect a secret larger than 1024 bits a hybrid technique has to be
applied: encrypt the secret with a block cipher and apply secret
sharing to just the key. Among others openssl and gpg can do the
encryption part:
</p>
<p>
openssl bf -e &lt; file.plain &gt; file.encrypted
</p>
<p>
gpg -c &lt; file.plain &gt; file.encrypted
</p>




<h2>Security</h2>

<p>
<b>ssss</b> tries to lock its virtual address space into RAM for
privacy reasons. But this may fail for two reasons: either the current uid
doesn't permit page locking, or the RLIMIT_MEMLOCK is set too
low. After printing a warning message <b>ssss</b> will run even without
obtaining the desired mlock.
</p>




<h2>Author</h2>

        This software (v0.5) was written in 2006 by B. Poettering
        (ssss AT point-at-infinity.org). Find the newest version of
        ssss on the project's homepage: <a href = "http://point-at-infinity.org/ssss/">http://point-at-infinity.org/ssss/</a>.



<h2>Further reading</h2>

        <a href = "http://en.wikipedia.org/wiki/Secret_sharing">http://en.wikipedia.org/wiki/Secret_sharing</a>




</td></tr></table></center>
</body>
